nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-17 11:00:59 -05:00
Code Issues Projects Releases Wiki Activity

Make our process's ACL more restrictive.

Browse Source 
By default Windows processes have wide open ACLs which allow interference
by other processes running as the same user.  Adjust our ACL to make this
a bit harder.

Because it's useful to protect PuTTYtel as well, carve winsecur.c into
advapi functions and wincapi.c for crypt32 functions.

(cherry picked from commit 48db456801)

Conflicts:
	Recipe

(cherry-picker's note: the conflict was just some context not looking
quite the same)
This commit is contained in:
Simon Tatham
2016-02-25 20:30:58 +00:00
parent 14d0a08a96
commit db910f712c
7 changed files with 66 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
windows/winsecur.c
View File

@ -36,21 +36,6 @@ int got_advapi(void)
return successful;
}
int got_crypt(void)
{
static int attempted = FALSE;
static int successful;
static HMODULE crypt;
if (!attempted) {
attempted = TRUE;
crypt = load_system32_dll("crypt32.dll");
successful = crypt &&
GET_WINDOWS_FUNCTION(crypt, CryptProtectMemory);
}
return successful;
}
PSID get_user_sid(void)
{
HANDLE proc = NULL, tok = NULL;
@ -237,7 +222,7 @@ int make_private_security_descriptor(DWORD permissions,
return ret;
}
int protectprocess(char *error)
int setprocessacl(char *error)
{
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;